Journaling, Analysis, and Archiving of Electronic Communications

ABSTRACT

Disclosed is a communication journaling and archival system which obtains content from social networks, handles re-authentication requirements which occur with respect to monitored users and social networks, includes content obtained from social networks in a journal and archiving system compatible with email journaling and archiving, and can be configured to send a journaled communication to multiple journal destinations and journal formats.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of application Ser. No. 13/179,700,filed Jul. 11, 2011, which application is incorporated herein, in itsentirety, for all purposes.

SUMMARY OF THE INVENTION WITH BACKGROUND INFORMATION

Governmental regulatory bodies, courts, and laws required that certaincommunications be preserved and require that organizations andindividuals respond to certain communications in prescribed manners. Forexample, an insurance company may be required to log (and potentiallyrespond to) all instances in which a litigation threat is made to aninsurance broker in relation to a policy written by the insurancecompany, even if the broker is not employed directly by the insurancecompany, but is an independent contractor representing multipleinsurance companies. In another example, a company involved inlitigation may be required to produce all communications to or from aparticular employee or type of employee. In another example, a companymay be required to handle credit card information in ways prescribed bycontract and/or law, such as that credit card information be encryptedand/or that it not be held for longer than a specified period of time.In the United States, Sarbanes Oxley, HIPAA, the Data Protection Act,the Patriot Act, and other laws require that certain communications bepreserved, sometimes in different ways (such as with different securitylevels) and/or responded to in different ways. Hereinafter, the term“monitored user” will refer to a party whose communications need to bejournaled and archived; the monitored user may be a party such as thebroker discussed above, an employee of a company, or similar.

Various service providers and software companies have begun to addressthe need to journal and archive electronic communications, such asemail, and one-to-one or one-to-many instant messaging. However, manysuch solutions require that the email and/or instant messaging takeplace on computers under the control of the company with the journalingneed and/or under the control of a journaling service provider. Forexample Microsoft, Inc., released an email journalling feature inservice packs for Exchange™ dating back to 2000, 2003, and 2004. As istypical, the feature requires that rules be set to determine whichemails should be journaled, rules based on a sender or recipient.Journaling and archiving systems commonly operate at the email server bycopying a journaled message to a new email (often as an attachment),preserving the journaled message's original headers in the message bodyof the new email (if an email is merely forwarded by an email client,the original headers are often discarded or modified), optionallyutilizing different protocols to record bcc recipients, recipients fromdistribution groups, and recipients who result from forwarding rules,and sending the new journal email to a journaling server and/or archiveserver. These systems represent a problem relative to the exampleprovided in the preceding paragraph with respect to the insurancecompany broker who, as an independent contractor, may be using an emailservice not controlled by the insurance company. Steps may be taken toforward the email from the broker's site to the insurance company or ajournaling/archiving service provider, though these steps assume thatthe broker controls the broker's email server, which may not be thecase, and/or such an approach may result in forwarding too many emailsto the journaling/archiving service provider, such as forwarding all ofthe broker's email and/or email from others at the broker's locationwhich may meet the forwarding criteria. In addition, existing journalingand archiving systems do not address communications which take place insocial media. Social media present a different set of problems in termsof identifying which and how communications are to bejournaled/archived, accessing the social media providers, andmaintaining access to the social media providers in a way which is nottaxing to the monitored user.

In addition, a journaling/archiving service provider may find that anemail to be journaled and archived needs to be sent to multiple journaland archive destinations, such as if the monitored user represents acompany with multiple journaling and archiving destinations or if themonitored user represents more than one company, each of which may havemultiple journaling and archiving destinations. For example, FIG. 3 (notshowing prior art) presents a diagram of a monitor 305. The monitor 305may be engaged by one or more monitor customers 303 to monitor thecommunications sent and received by the monitored users 301.A through301.0 from communicators 105.A through 105.C (who may be anyone themonitored users 301 communicate with, including the monitor customer 303and others). The monitor 305 may maintain its own journal servers 221and archives 223 to journal and archive monitored communications; themonitor customer 303 may also require that communications be sent to a3rd party monitor 307, separate from the monitor 305; the 3rd partymonitor may maintain journal servers and archives (not shown) or mayperform other operations with respect to monitored communications, suchas (for example) indexing content to improve a search algorithm. Themultiple archives 223.A through 223.0 and archives and/or otherprocessors of the 3rd party monitor 307 may utilize different formats,may have different security requirements, or generally have differentstructures. In this case, the multiple journaling and archivingdestinations may accept the message to be journaled in differentformats.

In existing approaches, multiple journaling and archiving systems mustbe setup separately to address the monitored users 301. In addition, themonitor 305 would not handle social media. In addition, differentjournaling and archiving systems maintained by monitor 305 and 3rd partymonitor 307 do not work together.

In the context of email, emails generally have a structure comprising anenvelope, one or more headers, a message body (or simply “body”), andattached messages. Email format is generally described in Request forComments (“RFC”) 5322, published by the Network Working Group of theInternet Engineering Task Force (“IETF”), with additional information inRFC 5321, Simple Mail Transfer Protocol (“SMTP”). The envelope generallycontains addressing information which is used by email servers to routethe email, generally the “to” address and a “from” or “on behalf of”address. The header generally contains addressing and additionalinformation (such as subject and date/time), though the headerinformation is not necessarily used by email servers to route the email.The message body generally contains text in ASCII format. Emailattachments are generally in a Multipurpose Internet Mail Extensions(“MIME”) format, which makes possible text in character sets other thanASCII (including for use in supporting non-ASCII header information),non-text data attachments, message bodies with multiple parts, and asotherwise specified in the following RFCs: 2045, 2046, 2047, 4288, 4289,and 2049. As used herein, emails are discussed as comprising an outermessage comprising an envelope, header, body, and attachments (if any),as well as potentially comprising an inner message. The inner messagemay comprise the same parts (envelope, header, body, and attachments),though the envelope of the inner message is not generally used to routethe inner message. The inner message is carried in the message body ofthe outer message or as an attachment to the outer message. The innermessage is not routed separately from the outer message (which isrouted). The inner message is an email message which is attached to ormade part of (the body of) the outer message

An email journal message or journal message is an outer email messagewhich includes an inner message comprising content from a new emailmessage. The journal message (including both outer and inner parts) maybe journaled, analyzed and archived, while the new message (just theinner part of the email journal message) is sent (separately from theemail journal message) to the intended recipient. In addition to theinner message comprising content from the new email message, the journalmessage may contain metadata related to the new message, such as times,dates, names/physical location of/identifiers for individuals involvedin the communication, and/or a class or category assigned to the messageby a person or by rules executed by a software program. The journalmessage generally follows an email transport format, such as SMTP, andis sent as an email to an email journal server. The journal message maybe encrypted and/or may not be accessible to the end-user who generatedthe new email message which was journaled. The journal message may behandled as an email by existing communication infrastructure.

Archiving generally refers to backing up a communication, often to anoff-site location or to files not actively used by an end user's emailclient. A journaling system may be used as an interface to an archivalsystem.

Recently, social media (such as Facebook, Twitter, and similar) havebecome widely used as communication forums. Social media present manychallenges in the context of journaling and archiving communications,including that authorization is required from the social media forum toperceive the communication, that social media authentication andauthorization systems change frequently, that the presentation ofcommunications to users within a social media context may depend on ahost of factors (there is not necessarily a “sender” and a “recipient”),and that a wide range of communication modes are possible, includingvideo, photographs, text exchanges taking place across short or longtime frames, communications composed of content from multiplecontributors selected by the social media operator and advertisers, andcommunications directed algorithmically at groups, rather than from oneindividual to another or through broadcasts.

Needed is a communication journaling and archiving system which i)obtains specified content from a social media network, re-authenticateswith the social media network as necessary, ii) stores email, instantmessage, and content from social media networks in a system compatiblewith email journaling and archiving systems, and iii) can be configuredto send a journaled communication to multiple journal destinations andjournal formats.

SUMMARY

Disclosed is a communication journaling and archival system whichobtains content from social networks, handles re-authenticationrequirements which occur with respect to monitored users and socialnetworks, includes content obtained from social networks in a journaland archiving system compatible with email journaling and archiving, andcan be configured to send a journaled communication to multiple journaldestinations and journal formats.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts parties, devices, and certain communication paths in afunctional block diagram.

FIG. 2 depicts devices and certain communication paths of a monitor in afunctional block diagram.

FIG. 3 is a functional block diagram depicting an example of devices andcertain communication paths.

FIG. 4 is a flow chart of a process described in these papers.

FIG. 5 is a flow chart of a process described in these papers.

FIG. 6 is a functional block diagram of an exemplary computing deviceand some data structures and/or components thereof.

DETAILED DESCRIPTION

FIG. 1 diagrams parties involved in a set of communications used as anexample in these papers. Components 101.A through 101.0 depict examplerepresentatives of service providers, service providers depicted bycomponents 103.A through 103.C; these parties may be, for example,stock/bond brokers, dealers, banks, insurance companies, or otherproduct or service providers. The representatives 101.A-101.0 arelabeled as “3rd party Representatives,” though they may be employees ofone or more of the service providers 103.A-103.C. A line is drawnbetween each of the representatives 101.A-101.0 and the serviceproviders 103.A-103.C, each line representing a one-to-one orone-to-many communication connection, such as may be provided by emailor instant messaging. Communication lines (not shown) may also existbetween the representatives as well as between service providers. Therepresentatives 101 and service providers 103 are also referred toherein as “monitored users” and are also depicted in FIG. 3 as monitoredusers 301.A through 301.C. 3rd party Representatives 101 (or monitoredusers 301) as well as others (such as service providers 103.A-103.C) mayalso be customers of a journaling and archiving service (also referredto as a monitor 305), in which case they are referred to herein as“monitor customers 303.”

Surrounding the representatives 101 and the service providers 103 arecommunicators 105. The communicators 105 may be customers of therepresentatives 101, the service providers 103, or both. Thecommunicators 105 may also be those who are not customers, but who maynonetheless have legally significant communications with therepresentatives 101 and/or the service providers 103, whichcommunications need to be preserved. The communicators may communicatewith one another and the other parties shown in FIG. 1 via email,instant messaging, through social media networks 107, through phone,videophone, physical mail, and in-person.

Around the representatives 101, service providers 103, and communicators105 in FIG. 1 is depicted a social media network 107. More than onesocial media network 107 may exist. The social media network 107 may,for example, provide an Internet based forum for exchanging identityinformation, text, pictures, audio, video (collectively referred toherein as “content”), and computer applications (referred to herein as“apps”) between users of the social media network 107. The users of thesocial media network 107 may (without limitation) include therepresentatives 101, the service providers 103, the communicators 105,and the regulators 109. A user of the social media network, such as acommunicator 105, may have a “home,” “wall,” “landing page” or similarwithin the user interface of the social media network where the socialmedia network user can post and manage content, interact with apps,identify other users with whom the user is associated (referred toherein as “friends”), and search the social media network 107 and/or theInternet. The social media network 107 may provide users with a set ofpermissions defining whether and how various of the user's content maybe accessed by others, including other users, advertisers, appdevelopers, and users of the Internet in general. The permissions may beset with respect to particular content items (such as a photograph, avideo, the user's name, address, or similar) or groups of items (such asall photos, all videos, folders, etc.) and may specify how far thepermission may propagate, such as to a friend, a friend-of-a-friend, appproviders, etc. Permissions may last indefinitely or may time out.Permissions in social media networks 107 may be changed by users as wellas by the operator of the social media network 107.

Permissions may be managed, for example, through the use of an OpenIDidentifier or OAUTH credential or token (referred to herein as an “OAUTHcredential”). Instead of providing the user's credentials (typically ausername and password), the monitored user 301 (or a social medianetwork acting on behalf of the user) may provide an OAUTH credentialwhich provides access to some or all of a user's content in the socialmedia network 107 for a period of time (ranging from indefinite to for aspecified period). The user may provide the OAUTH credential byinteracting with, for example, a “flow” supported by the social medianetwork 107, such as a user-agent flow, a web server flow, a deviceflow, or others.

In a typical flow, the monitor 305 has an account with the social medianetwork; the monitor 305 uses the account to configure authorizationrequests which the monitor 305 expects to generate in relation tomonitored users 301. The monitor 305 then generates a hypertext linkcontaining output from a hash algorithm, such as an MD5 or cryptographicalgorithm, performed on an identifier for the monitored user and/or onan identifier for the monitor 305 or performed on content from thesocial media network associated with the monitored user, which link issent or otherwise presented to a monitored user. When the monitored userclicks on or otherwise activates the link, the link directs themonitored user to a webserver operated by the monitor which may thenredirect the monitored user to a webpage or similar generated by thesocial media network. The hash output identifies the monitored user 301and the monitor 305 to the social media network. The social medianetwork's webpage provides the monitored user 301 with an opportunity togrant permissions to the monitor 305. If the monitored user approves thegrant of permissions, then the social media network typically issues anOAUTH credential to the monitor 305. Other flows may be used.

Turning back to FIG. 1, regulators 109 are depicted around the otherparties. The regulators 109 may include governmental regulatory bodies,courts, laws, trade group policies, contractual terms and similar whichrequire that certain communications be preserved for prescribed timesand require that organizations and individuals respond to certaincommunications in prescribed manners. For example, an insurance companymay be required to log (and potentially respond to) all instances inwhich a litigation threat is made to an insurance broker in relation toa policy written by (or under) the insurance company, even if the brokeris not employed directly by the insurance company, but is an independentcontractor representing multiple insurance companies. In anotherexample, a company involved in litigation may be required to produce allcommunications to or from a particular employee or type of employee. Theregulatory requirements may be imposed on all the parties depicted inFIG. 1. In order to preserve and potentially respond to communicationsas required by the regulators 109, one or more of the service providers103.A-103.0 may obtain message journaling and archiving services, suchas from the monitor 305 depicted in FIGS. 2 and 3.

FIG. 2 depicts a single monitor 305 with a system comprising multiplecomponents. Within these components, box 202.A depicts a messageprocessor and VPN (virtual private network); additional boxes 202.B and202.0 signify that there may be more than one set of these items (stillwithin one message journaling and archiving service provider). Box 213depicts components used for archiving, routing, and VPN. The componentsin boxes 202 and 213 may be physically located together or apart (asshown). Within box 202, there is a component for a public Internetconnection 200, which is connected to a load balancing and firewallcomponent 201. The load balancing and firewall 201 may then be connectedto an internal network (such as, without limitation, an ethernetnetwork) connected to one or more message processing components 203, oneor more encrypted message processing components 205, a web server 207,and a VPN server 209. The message processors 203 may receive, forexample, messages such as emails, instant messages, and similar.Messages may be sent, for example, by a representative 101, a serviceprovider 103, or another monitored user 301. As discussed above, themonitored user 301 may configure the monitored user's email server tosend a copy or branch of all inbound and outbound email messages to themonitor 305, which branch maintains the original message envelope. Themonitored user may configure the monitored user's instant messagingclient(s) to use the IM proxy 225 of the monitor 305. The messageprocessors 203 may also be used to transmit email out of the monitor305. The outbound message processors 205 may be used if outboundcommunications require encryption not typically offered by the messageprocessors 203.

The VPN server 209 at the message processor 202 is connected to a VPNserver 219 at the archive, routing, and VPN component 213. The archive,routing, and VPN component 213 is also depicted as comprising a publicInternet connection 200, a load balancing and/or firewall component 211,which is connected to an internal network (such as, without limitation,an ethernet network) connected to components for a journal server 221, amonitored user database 222, an archive 223 (which may be one or moredatabases, one or more flat files, etc.), a management frontend 213(which may provide a web or other interface for monitor customers 303and the monitor 305), and an IM proxy 225. The journal server 221 routesmessages to other journal servers (221.A through 221.0 in FIG. 3 andpotentially 3rd party monitor 307 in FIG. 3) and archives (223.A through223.0 in FIG. 3 and potentially 3rd party monitor 307 in FIG. 3),according to the method discussed below. The monitored user database 222may be one or more databases, flat files, or similar containing recordsassociated with monitored users, such as identifiers associated withmonitored users, social media provider identifiers associated withmonitored users, email addresses, phone numbers, instant messageidentifiers and similar associated with monitored users, the output ofhash algorithms performed on content associated with monitored users,the output of hash algorithms performed on identifiers associated withmonitored users, time/date stamps, and similar.

FIG. 4 depicts a flow chart of steps in a process wherein messages arereceived, journaled, and archived. The messages may include email suchas may be received at a message processor 203 and/or instant messagesreceived or sent by an instant message client utilizing the IM proxy225. The messages may include email comprising content from a socialmedia network, as discussed further below in relation to FIG. 5.

Step 403 depicts accepting a message at a scanner, which scanner may bea message processor 203. The scanner may provide geographic redundancyand may verify that the message is a properly formatted email. Themessage is then sent, for example using the VPN 209, as a journalmessage to the journal server 221. The message is sent as an innermessage attached to or part of an outer message. After being accepted(not shown) at the journal server 221, the message formatting isdetermined 407. If the outer message was sent by the message processor203, the format may be a known first format utilized by the messageprocessor 203. If the message is from a third party and does not conformto the first message format, the journal server 221 may determine if theformat conforms to another message format, such as the message journalformat used by Microsoft, Inc. or another format. The message format isdetermined so that in step 409 the outer message envelope may be parsedto identify what address the outer message was sent to and what addressthe outer message was sent from. Determining the message format may alsobe used to identify headers, body, and attachments, which body andattachments may further comprise one or more inner email messages. Ifstep 409 was not successful, then step 411 may be performed to obtainaddress data from the outer message headers or, in further alternatives,from inner message envelopes, headers, bodies, or attachments.

At step 412, the number of monitor customers 303 associated with theaddressing is determined (referred to in the claims as a “monitorcustomer container count”). The number of monitor customers 303 may bebased on domain names and/or other email address portions obtained atstep 409 (or 411). Specific email addresses may be assigned to specificmonitor customers and/or strings or coded strings in the envelopeaddresses, in headers, body, or attachments may identify or beassociated with monitor customers 303. If more than one monitor customeris determined, then the process moves to step 441. At step 441 themessage is branched. Branching may mean that both the inner and outermessages are included as inner messages in a new outer message or it maymean that only the inner message is included in a new outer message. Asan example, at step 443 at least one address from or associated with themonitored customers which caused the monitored customer count to exceedone is used as an address in the envelope for the outer message of themessage branch. At step 445 the message branch is processed by thejournal server, similar to step 405. The message may be branched once atstep 441 and the process of steps 407 to 445 iterated to addressmultiple customers, with one of the addresses which caused the customercount to exceed one being used, removed, or flagged on each iteration(such as by using a specified variation on the address in the envelopefor the branch); alternatively, at step 441 a branch of the message maybe made for each customer exceeding one, executing steps 441 through 445in a batch process for the set of customers exceeding one.

At step 413 records associated with the monitored users associated withthe monitored customers are checked to determine if one or more of themonitor customers have requested multiple journal destinations and/ormultiple journal sub-destinations based on the monitor customer and thesender/recipient in the addressing. For example, a monitor customer mayhave requested that any email sent to/from <example@sample.com>be sentto both one or more remote journaling service and one or more localjournaling service(s). At step 414 a pre-scan may be performed. Thepres-scan may analyze one or more of inner and/or outer envelopes,headers, bodies, and/or attachments to identify if the message containscontent associated with a subset of the journal destinations identifiedin step 413. The pre-scan step 414 may be performed before or inconjunction with step 413.

At step 417 a decision is made regarding whether the message is to berouted to a local or a remote journal destination. If the journaldestination is remote (for example, a journal not controlled by themonitor 305 and/or the party executing the process outlined in FIG. 4),then at step 419 the format for the remote destination may be applied.As examples, the following formats may be utilized: an email format(delivered, for example, using SMTP); a text format (up/downloaded viaFTP or secure FTP); an XML format (up/downloaded via FTP or secure FTP);an SQL format (delivered via SQL insert); and/or in a Lotus Notesformat. At step 421 the message is queued and delivered at step 423. Ifan email format was used, then delivery will typically use SMTP; if atext format was used, then the text file will typically be up/downloadedvia FTP or secure FTP; if an XML format was used, the XML file willtypically be up/downloaded via FTP or secure FTP; if an SQL format wasused, then delivery will typically be via an SQL insert. Delivery of themessage may be from a VPN component, such as 219 and/or 209, and/or mayfollow additional criteria, such as that delivery will be not be done ifit cannot be done via VPN or through another secure channel or only thatbest efforts will be made to deliver the message (securely orotherwise).

If the journal destination is local, a determination may be made at step431 regarding whether there is one or more than one archive to which themessage is to be sent. If there is more than one archive (more than oneplace to sent the message to for each customer associated with amessage, such as with a domain name in a message address), then at step451 a branch of the message is made for each destination, an address iscreated for the message branch at step 453, and the message branch issent to the archive (via the address) at step 455. To avoid a loopingcondition, a flag may be set and/or the address created for the messagebranch may be a specified address format which indicates that themessage branch address is derived from an address in the message andthat the created address in the message should not be used again. Theseare examples, other ways may be used to avoid looping conditions and/orto otherwise reduce processing of the branch.

At step 433 the message components are disassembled, decoded, andanalyzed, such as to obtain ASCII text, to perform optical characterrecognition (“OCR”), to perform lexical analysis on the text, and/or toperform image recognition or similar. At step 435 the message'ssender/recipient address may be mapped to alternatives, such as anaddress of <user1@example.com> mapping to <user1@2ndexample.com>. Thealternative address(es) may be stored in the envelope, header, or bodyof an outer message which contains the (now inner) message. Thealternatives may be obtained, for example, from the monitored userdatabase 222. At step 437 the output of step 433 and/or 435 are acted onaccording to rules set up by the monitor customer, such as that lexicalanalysis at step 433 found the word “lawsuit” the output of which maycause the message to be flagged or to have the word included inmessage's index.

FIG. 5 depicts a flow chart of steps in a process wherein contentobtained from a social media network is journaled and archived. At step501 the process starts and then proceeds, such as at step 503, byexecuting the process on a schedule, such as once perminute/hour/day/week/month or similar. At step 505, if not alreadyperformed, the social media network accounts associated with monitoredusers are identified, individual monitored users potentially beingassociated with more than one social media network account on one ormore social media networks. At step 507 the capture elements aredetermined, such as whether a monitor customer wants to journal andarchive all content, whether the monitor customer wants to excludeaudio, video, or other non-static content, or similar.

At step 508 a determination may be made regarding whether the monitor305 has sufficient permissions to proceed with accessing the socialmedia network to obtain the monitored user's content. Not shown, thisstep may involve accessing a database for permissions associated withthe account, determining if any permissions have been granted, ifgranted permissions have timed out (if this can be determined from, forexample, an OAUTH credential or similar), if permission requirements atthe social media network 107 have changed, or similar. This step may becombined with or be part of step 509 or may be seen in a result of step509. As discussed above, permission to access content posted to thesocial media network 107 may have been memorialized through issuance ofan OAUTH credential in a flow, by providing access credentials, orsimilar. If permissions are not sufficient, then the process may go tostep 523 where the account is flagged, the permissions assembled in step525, and the appropriate flow executed at step 527, during which theaccount holder will be requested to authorize the issuance of a newOAUTH credential or other permission token.

If permissions were sufficient at step 508, then at step 509 an API orsimilar for the social media network 107 may be used to query the socialmedia network 107 or to otherwise obtain content posted to the socialmedia network 107 by or in association with the account. If the socialmedia network does not provide a way to obtain only new data compared tothe last time that data was obtained, then at step 511 a determinationmay be made regarding whether the obtained content is new compared tothe data which has previously been obtained. This determination may beperformed by executing an MD5 message digest algorithm or similar hashfunction on the obtained data and comparing the obtained value to avalue derived from previously obtained data. If new data is not found(not shown), then the process may proceed to step 519 (discussed below).If new data is found, then at step 513 one or more new messages, such asemail messages, may be formatted to contain the new data. Email is auseful carrier for the new data because email is already used in messagejournaling and archival systems, the email bearing the content can besent to a third-party message journaling and archival system, the MIMEformat is commonly used in both email and web-based content transmissionand rendering systems, and the content can generally be formatted to behuman-readable in an email.

At step 515 the message containing the data is customized perinstructions set by the operator of the process and/or by monitorcustomers. In the context of email messages, examples of this includepre-/post-pending a string into the message subject line or body,including custom formating in the message body to distinguish differentinstances of content posted to the social media network 107 in differentparts and sub-parts of the message body, to call out the time/date (or arange of time/dates across which)the content was captured at step 509and the time/date or range of times/dates across which the content wasposted (if provided by the social media network 107), and mappingcontact or identity information obtained from the social media network107 to contact or identity information known to the operator of theprocess (obtained, for example, from the monitored user database 222),which mapped contact or identity information may be used in theaddressing for the email message.

At step 517 the message may be transmitted to, for example, a journalprocessing server, such as 221, where the message may be processed, ifit is an email message according to FIG. 4. Alternatively, the messagemay be transmitted to a journal, archive, or other repository as an XML,text, or Lotus Notes file or into a database through an SQL insert orsimilar. One message may be sent for each new content instance or foreach time content (which may comprise more than one content instance) isobtained or a message may contain more than one content instance orcontent obtained across a range of times.

At step 519 the capture status for the account relative to the socialmedia network 107 may be updated. The capture status may be recordedthrough use of a time-stamped identifier, through use of output of anMD5 or similar algorithm performed on content associated with theaccount profile, or similar.

FIG. 6 is a functional block diagram of an exemplary computing device600 that may be used to implement one or more computers described above.The computing device 600, in one basic configuration, comprises at leasta processor 602 and memory 603. Depending on the exact configuration andtype of computing device, memory 603 may be volatile (such as RAM),non-volatile (such as ROM, flash memory, etc.) or some combination ofthe two. Processing units and system memory may be combined, such as ina memory-resistor unit.

Computing device 600 includes one or more communication connections 608that allow computing device 600 to communicate with one or morecomputers and/or applications 609. Device 600 may also have inputdevice(s) 607 such as a keyboard, mouse, digitizer or other touch-inputdevice, voice input device, etc. Output device(s) 606 such as a monitor,speakers, printer, PDA, mobile phone, and other types of digital displaydevices may also be included.

Additionally, device 600 may also have other features and functionality.For example, device 600 may also include additional storage (removable604 and/or non-removable 605) including, but not limited to, solid-statemedia, magnetic or optical disks or tape. Computer storage mediaincludes volatile and nonvolatile, removable and non-removable mediaimplemented in any method or technology for storage of information suchas computer readable instructions, data structures, program modules orother data. Memory 603, removable storage 604, non-removable storage605, and smart cards 610 are all examples of computer storage media.Computer storage media includes, but is not limited to, RAM, ROM,EEPROM, flash memory or other memory technology, CD-ROM, digitalversatile disks (DVD) or other optical storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or any other medium which can be used to store the desired informationand which can accessed by device 600. Any such computer storage mediamay be part of device 600.

Unless the context clearly requires otherwise, throughout thedescription and the claims, the words “comprise,” “comprising,” and thelike are to be construed in an inclusive sense, as opposed to anexclusive or exhaustive sense; that is to say, in the sense of“including, but not limited to.” As used herein, the term “connected,”“coupled,” or any variant thereof means any connection or coupling,either direct or indirect, between two or more elements; the coupling ofconnection between the elements can be physical, logical, or acombination thereof. Additionally, the words “herein,” “above,” “below,”and words of similar import, when used in this application, shall referto this application as a whole and not to any particular portions ofthis application. Where the context permits, words in the above DetailedDescription using the singular or plural number may also include theplural or singular number, respectively. The word “or,” in reference toa list of two or more items, covers all of the following interpretationsof the word: any of the items in the list, all of the items in the list,and any combination of the items in the list.

The above Detailed Description of embodiments of the system is notintended to be exhaustive or to limit the system to the precise formdisclosed above. While specific embodiments of, and examples for, thesystem are described above for illustrative purposes, various equivalentmodifications are possible within the scope of the system, as thoseskilled in the relevant art will recognize. For example, while processesor blocks are presented in a given order, alternative embodiments mayperform routines having operations, or employ systems having blocks, ina different order, and some processes or blocks may be deleted, moved,added, subdivided, combined, and/or modified to provide alternative orsubcombinations. Each of these processes or blocks may be implemented ina variety of different ways. Also, while processes or blocks are attimes shown as being performed in series, these processes or blocks mayinstead be performed in parallel, or may be performed at differenttimes. Further, any specific numbers noted herein are only examples:alternative implementations may employ differing values or ranges.

1. A first computer configured to obtain content associated with a firstparty from a social media provider, which first computing deviceexecutes a method comprising the following steps: querying a socialmedia provider for content associated with the first party, whichcontent is not in a social media format; obtaining from the social mediaprovider content associated with the first party; selecting obtainedcontent to journal and/or archive; formatting an email message tocontain at least the selected obtained content; mapping the obtainedcontent to the email message format; transmitting the email message to asecond computer configured as a journal processor; updating a recordassociated with the first party to indicate that the content associatedwith the first party from the social media provider has been obtained.2. The method according to claim 1, further comprising: receiving anemail message, which message contains an inner message which had beensent to or from a monitored user; determining a format of the receivedmessage and/or of the inner message; identifying addresses of sendersand/or recipients in the received message; determining a monitorcustomer container count; if the monitor customer container count isgreater than one, then branching the message and/or inner message foreach monitor customer container count greater than one; performing apre-scan of the message and/or inner message, and analyzing the pre-scanresult to identify if the pre-scan result is associated with a journaldestination; analyzing message and/or inner message components;determining if analysis of message components is associated with ajournal destination; delivering the message and/or inner messagesthereof to at least one journal and/or archive.